From ca8eee7545f75c199bde0121bd6a0792d67c5b91 Mon Sep 17 00:00:00 2001
From: Angie Byron
Date: Sun, 1 Nov 2009 21:26:44 +0000
Subject: #192056 by effulgentsia, Dave Cohen, andypost, hswong3i, geodaniel, pwolanin, and dahacouk: Ensure user's raw login name is never output directly.
---
 modules/contact/contact.module | 4 ++--
 modules/contact/contact.pages.inc | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
(limited to 'modules/contact')
diff --git a/modules/contact/contact.module b/modules/contact/contact.module
index 891992703..3ba19a55e 100644
--- a/modules/contact/contact.module
+++ b/modules/contact/contact.module
@@ -174,7 +174,7 @@ function contact_mail($key, &$message, $params) {
 '!subject' => $params['subject'],
 '!category' => isset($params['category']['category']) ? $params['category']['category'] : '',
 '!form-url' => url($_GET['q'], array('absolute' => TRUE, 'language' => $language)),
- '!sender-name' => $params['sender']->name,
+ '!sender-name' => format_username($params['sender']),
 '!sender-url' => $params['sender']->uid ? url('user/' . $params['sender']->uid, array('absolute' => TRUE, 'language' => $language)) : $params['sender']->mail,
 );
@@ -194,7 +194,7 @@ function contact_mail($key, &$message, $params) {
 case 'user_mail':
 case 'user_copy':
 $variables += array(
- '!recipient-name' => $params['recipient']->name,
+ '!recipient-name' => format_username($params['recipient']),
 '!recipient-edit-url' => url('user/' . $params['recipient']->uid . '/edit', array('absolute' => TRUE, 'language' => $language)),
 );
 $message['subject'] .= t('[!site-name] !subject', $variables, array('langcode' => $language->language));
diff --git a/modules/contact/contact.pages.inc b/modules/contact/contact.pages.inc
index 72603a39d..f3827083d 100644
--- a/modules/contact/contact.pages.inc
+++ b/modules/contact/contact.pages.inc
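Review bot: In contact_mail(), `!sender-name` (and `!recipient-name` in the second contact.module hunk) are `!` placeholders, which t() substitutes verbatim, while format_username() returns an unsanitized string that modules can change through hook_username_alter(). That is appropriate only as long as these messages are delivered as plain text, and nothing in the visible lines records that assumption. I would add a comment above the `$variables` array, for example `// '!' placeholders are inserted unescaped: the mail is plain text, so display names from format_username() must not be treated as HTML-safe.` The body of contact_mail() starts and ends outside both hunks, so how the variables reach the message body is only partly visible here.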
@@ -64,7 +64,7 @@ function contact_site_form($form, &$form_state) {
 '#type' => 'textfield',
 '#title' => t('Your name'),
 '#maxlength' => 255,
- '#default_value' => $user->uid ? $user->name : '',
+ '#default_value' => $user->uid ? format_username($user) : '',
 '#required' => TRUE,
 );
 $form['mail'] = array(
@@ -180,7 +180,7 @@ function contact_personal_form($form, &$form_state, stdClass $recipient) {
 return drupal_access_denied();
 }
- drupal_set_title(t('Contact @username', array('@username' => $recipient->name)), PASS_THROUGH);
+ drupal_set_title(t('Contact @username', array('@username' => format_username($recipient))), PASS_THROUGH);
 if (!$user->uid) {
 $form['#attached']['library'][] = array('system', 'cookie');
@@ -196,7 +196,7 @@ function contact_personal_form($form, &$form_state, stdClass $recipient) {
 '#type' => 'textfield',
 '#title' => t('Your name'),
 '#maxlength' => 255,
- '#default_value' => $user->uid ? $user->name : '',
+ '#default_value' => $user->uid ? format_username($user) : '',
 '#required' => TRUE,
 );
 $form['mail'] = array(
--
cgit v1.2.3
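Review bot: In contact_site_form() the "Your name" textfield stays editable, so pre-filling it with `format_username($user)` only changes the default, and whatever comes back on submit is still user input. The same change is made in contact_personal_form() in the hunk at line 196. The submit handlers are not part of this patch view; if they copy the submitted name onto the sender object that contact_mail() receives, format_username() there would presumably run the alter hook a second time on an already-formatted name, which is worth confirming. I would note the intent at the default, e.g. `// Display name is only a suggestion; the submitted value is untrusted input.` Both functions continue outside their hunks.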
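Review bot: In contact_personal_form() the title is set with PASS_THROUGH, so drupal_set_title() does no escaping of its own and the only sanitization of the recipient's display name is the `@username` placeholder inside t(). Because format_username() returns an unsanitized, module-alterable string, this line is safe only while the placeholder stays `@` (or `%`) and never becomes `!`. I would state that dependency next to the call: `// PASS_THROUGH is safe here because t() escapes @username with check_plain().` The function begins before and continues after the hunk.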